Job Description
The Global Security & Compliance Manager is responsible for driving key cyber security governance activities across the organization, with a clear three-fold focus: Compliance, Awareness, and Vulnerability Management. This is a global role based in India (Bengaluru), requiring a strong mix of technical understanding, pragmatism, and the ability to deliver practical outcomes in a complex environment.
Compliance: The role supports regulatory and audit-driven requirements (e.g., GDPR, NIS2, SAP security audits, SWIFT compliance) and ensures these obligations are translated into practical controls, evidence, and sustainable processes. The manager partners closely with IT, Legal, Privacy, business owners, and internal & external auditors to strengthen audit readiness, manage findings, and continuously improve compliance maturity.
Security Awareness: The role owns the global security awareness program, including phishing simulations and training campaigns via KnowBe4, driving measurable improvements in employee behavior, engagement, and completion rates across the business.
Vulnerability Management: The role leads and coordinates the global vulnerability management process, ensuring vulnerabilities are identified, prioritized, tracked, and remediated through consistent governance, reporting, and escalation (in close collaboration with infrastructure and application owners).
This is a people manager role, with the manager and team based in India. The manager will have one dedicated Cyber Compliance Analyst as a direct report and will also provide people management oversight to a team of three SOC Cyber Analysts in a matrix setup. Functional (day-to-day) management of the SOC analysts is led by the Global IT Security Manager (Belgium based), while this role focuses on coaching, development, performance inputs, and ensuring alignment to the overall cyber security priorities where relevant.
Direct functional reportees to him/her:
- Cyber Compliance Analyst (1 FTE), India based
- SOC Cyber Analysts (3 FTE), India based; people management in a matrix setup; functional management led by the Global IT Security Manager
Authority
The Global Security & Compliance Manager has the authority to define and maintain security compliance processes and supporting governance documentation, coordinate audit activities across control owners, and drive follow-up on compliance gaps and remediation actions. The role is empowered to establish reporting and escalation mechanisms for overdue compliance actions and critical vulnerabilities, and to recommend improvements to controls and processes to senior management when needed. The role also has people-management accountability for the Cyber Compliance Analyst and matrix people-leadership responsibility for SOC analysts (in alignment with the Global IT Security Manager's functional leadership).
Key performance indicators
- Audits completed on time & % of audit findings closed on time (and reduction of repeat findings)
- Vulnerability remediation performance vs agreed SLAs (e.g., critical/high)
- Security awareness effectiveness (training completion rate, phishing simulation click/report rates)
- Team performance and engagement outcomes (delivery vs priorities, development progress, retention/feedback)
RESPONSIBILITIES:
- Lead the global Security & Compliance agenda, ensuring regulatory and audit-driven requirements are translated into practical controls, processes, and measurable outcomes.
- Support and coordinate global regulatory compliance initiatives (e.g., GDPR, NIS2, SAP security audits, SWIFT compliance), including control design, documentation, and evidence management.
- Act as a key contributor to audit readiness and execution: prepare evidence packs, coordinate control owners, support walkthroughs, track findings, and drive remediation closure.
- Own and continuously improve the global security awareness program (KnowBe4), including phishing simulations, training campaigns, reporting, and stakeholder engagement.
- Lead and coordinate the vulnerability management process: governance, prioritization approach, remediation tracking, reporting cadence, and escalation of overdue/high-risk vulnerabilities (in partnership with IT/OT/infra/application owners).
- Provide people leadership to the Cyber Compliance Analyst, including goal setting, coaching, performance management, and development planning.
- In a matrix setup, provide people management oversight for the SOC analysts (coaching, development, performance inputs, engagement), while aligning closely with the Global IT and OT Security Managers who lead functional execution and daily prioritization.
- Develop and maintain core security governance artifacts (policies, standards, procedures, control narratives, exception handling) aligned to operational realities and regulatory expectations.
- Define and maintain compliance-relevant security metrics and reporting, providing clear visibility to leadership on compliance posture, audit findings, vulnerability trends, and awareness effectiveness.
- Support baseline IAM-related security controls as needed for compliance (e.g., SSO/MFA principles, access control expectations), ensuring controls are consistently applied and auditable.
- Serve as a global point of contact and subject matter contributor for security compliance topics, advising stakeholders, sharing best practices, and driving continuous improvement.
Basic Requirements (Education, Level Of Experience, Language)
- Bachelor's or master's degree in engineering (Information Technology/Computer Science), or a related field.
- 12-15 years of experience in cyber security with strong exposure to compliance/audit, governance, and cross-functional coordination.
- Proven experience in people management (direct and/or matrix leadership), including coaching, performance management, and team development.
- Hands-on experience supporting regulatory compliance and audits (e.g., SAP, GDPR, NIS2, internal/external audits); familiarity with enterprise audit evidence expectations.
- Experience owning or operating security awareness programs (KnowBe4 strongly preferred; similar platforms acceptable).
- Experience with vulnerability management governance (tracking, prioritization, remediation follow-up, reporting); familiarity with common scanning/VM concepts and operational constraints.
- Working knowledge of access control and authentication concepts (e.g., SSO/MFA, basic IAM principles); familiarity with Microsoft Entra/Active Directory is a plus.
- Proven ability to work across functions (IT, Security, Legal), drive alignment, and close actions without formal authority.
- Brings common sense and a pragmatic mindset, able to balance security, compliance, and operational needs.
- Excellent communication skills, able to translate technical topics for non-technical audiences and vice versa.
- Fluent in English; additional languages are a plus.
- Willingness to travel occasionally to support global coordination.
Requisite Knowledge and Skills (Technical knowledge required by the position)
Knowledge
- Strong understanding of cyber security governance, control frameworks, and audit evidence expectations
- Familiarity with regulatory frameworks and compliance topics such as SAP security audits, GDPR, NIS2, and industry-driven audit requirements (e.g., SAP security audits, SWIFT compliance)
- Understanding of vulnerability management principles (risk-based prioritization, remediation lifecycle, reporting)
- Awareness of identity and access control fundamentals (SSO/MFA, access principles) as they relate to compliance
- Experience building and running cyber security awareness programs (e.g., phishing simulations, training campaigns, content rollout, and effectiveness measurement)
Skills
- Strong ability to translate compliance obligations into practical controls, processes, and measurable outcomes
- Skilled in cross-functional collaboration, stakeholder alignment, and driving follow-up to closure
- Clear, structured communicator, both written and verbal
- Pragmatic problem-solver with a focus on achievable outcomes in complex environments
- Comfortable making progress in ambiguity and prioritizing what matters most
The team:
Your manager will be Eugene Marchenko:
Eugene is our IT Cyber Security Director and is a member of the team of Jose Voisin (our Group CIO).
He drives development and leads the implementation of the group's IT & Security strategy, working hand in hand with the business. He supervises the Identity & Access Manager and the IT Security Manager (both based in Louvain-La-Neuve, Belgium) and the OT Security Lead (based in the US: Pittsburgh, PA).
Eugene, who joined Carmeuse in 2021, brings solid experience from international companies. He is looking for someone who can bring the Identity & Access Management function to the next level. A strong sense of ownership will align well with his expectations and the team's dynamic.
To know more about him, please visit Eugene's LinkedIn Profile.
The recruitment process:
If you apply for the Identity & Compliance Manager position, here's what the recruitment process looks like:
- Ayesha Sur, HR Assistant, will analyze your resume and cover letter and schedule a first screening. You will take two personality questionnaires.
- You will have a second interview with Eugene Marchenko, Cyber Security Director, and HR team members.
- The last interview will be with Eugene Marchenko's peers (directors), and HR.
About Us
READY TO JOIN A ROCK-SOLID FAMILY
Carmeuse started out as a small family-run business in Belgium.
Today it's a leading global producer of lime, high calcium limestone and dolomitic stone. Its products are essential to energy producers, environmental services, construction and manufacturing.
With over 90 production facilities spread across almost every continent, and over 4,500 employees working at Carmeuse every day, the company's most treasured resources are its people.
Carmeuse is dedicated to maintaining a workplace that fosters equal opportunity and creates a diverse and inclusive work environment. All qualified applicants will be considered for employment regardless of race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation or gender identity. If you require particular assistance with any part of the application or hiring process due to a disability, you can submit your request by sending an email to hrsupport@carmeuse.com. This option is reserved for people requiring adaptation due to a disability. The information received will be processed by Carmeuse and then directed to a local recruiter who will provide assistance to ensure the proper consideration of the application or hiring process.